3ce2ec3754
Merge pull request 'feat: auto-unseal vault every hour' ( #132 ) from neoloc/vault_unseal_check into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/132
2024-08-06 22:51:54 +10:00
7863d54275
feat: auto-unseal vault every hour
...
- add cron job to run vault unsealing service hourly
2024-08-06 22:51:16 +10:00
988e7c2a32
Merge pull request 'feat: auto restart puppetdb' ( #131 ) from neoloc/puppetdb_restart into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/131
2024-08-06 22:47:02 +10:00
0c44654a47
feat: auto restart puppetdb
...
- found several times the puppetdb service locks up after a week of active time
- restart the puppetdb nightly to prevent lock ups
2024-08-06 22:43:07 +10:00
20ee6fa19e
Merge pull request 'feat: add rundeck runner user' ( #130 ) from neoloc/rundeck_user into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/130
2024-08-06 22:36:54 +10:00
c846cc4e21
feat: add rundeck runner user
...
- add rundeck account on all hosts except rundeck
- add rundeck ssh private/public key to rundeck server
2024-08-06 22:33:32 +10:00
2ae8dbc0ac
feat: add gonic role
...
- basic role only
2024-08-01 22:38:32 +10:00
eb32a216f5
Merge pull request 'neoloc/rundeck' ( #121 ) from neoloc/rundeck into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/121
2024-07-28 02:05:20 +10:00
5354c99b1e
feat: add rundeck profile
...
- export mysql user for each rundeck server
- ensure the jdbc driver for mariadb is available
- exclude jq from default packages (managed by rundeck)
- add groups for admin/user for each project in rundeck
- add consul service
- add vault certificates
- add ssh principals
- add nginx simpleproxy
2024-07-28 01:51:41 +10:00
6a3123e12e
Merge pull request 'feat: change packages to Hash' ( #120 ) from neoloc/packages_hash into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/120
2024-07-27 16:29:48 +10:00
08241692ee
feat: add rundeck
...
- add puppet-rundeck module
- add rundeck role
2024-07-27 13:06:14 +10:00
76989e45c4
feat: change packages to Hash
...
- change from multiple arrays for managing packages to a hash
- change to ensure_packages to prevent duplicate resource conflicts
2024-07-27 13:05:54 +10:00
cc01259a64
feat: change packages to Hash
...
- change from multiple arrays for managing packages to a hash
- change to ensure_packages to prevent duplicate resource conflicts
2024-07-27 13:01:06 +10:00
b5148fc2a0
Merge pull request 'fix: generate_types cahnges' ( #119 ) from neoloc/puppetserver_startup into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/119
2024-07-27 00:17:46 +10:00
ab44bfc430
fix: generate_types cahnges
...
- this command will always fail, remove the systemd dropin
- create script that will run and exit with 0
- create systemd service/timer to run script daily
2024-07-27 00:13:25 +10:00
480eced404
Merge pull request 'feat: add vrrp to halb' ( #116 ) from neoloc/keepalived into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/116
2024-07-14 22:07:34 +10:00
946922fdb9
feat: add vrrp to halb
...
- update keepalived module to 5.1.0
- add keepalived::vrrp::* to be deep merged in hiera
- add vrrp dns configuration
- add vrrp instance/script to halb in syd1
2024-07-13 20:15:13 +10:00
0fb11b22cf
feat: add param for ffmpeg
...
- add param to jellyfin class to specify the path to ffmpeg
- update templates to use location
2024-07-11 22:41:08 +10:00
f63cf2f654
fix: create nginx cache dirs before nginx class
2024-07-09 23:29:56 +10:00
e8c8f5c1d6
fix: simpleproxy create cachedirs
...
- ensure the '/var/cache/nginx' directory exists
2024-07-09 23:27:51 +10:00
1204ee3314
feat: actually add nzbget profile
2024-07-09 23:20:12 +10:00
1532641640
feat: add nzbget to media platform
...
- add haproxy rules
- generate/distribute letsencrypt certificates
- manage access to cephfs
2024-07-09 22:32:54 +10:00
bd5164fed3
feat: certbot reorg
...
- moved certbot into its own module
- added fact to list available certificates
- created systemd timer to rsync data to $data_dir/pub
- ensure the $data_dir/pub exists
- manage selinux for nginx
2024-07-08 22:33:11 +10:00
30ec8c1bb1
feat: enable retrieval of certbot certs
...
- refactor certbot
- add nginx to certbot hosts
2024-07-07 22:30:40 +10:00
9db714d02f
feat: manage certbot
...
- add haproxy backend for be_letsencrypt
- manage the certbot role/profile
- create define to export certificate requests
2024-07-07 21:21:50 +10:00
152ffaa1d3
Merge pull request 'feat: stop installing systemd exported by default' ( #94 ) from neoloc/systemd_exporter_removal into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/94
2024-07-07 15:02:48 +10:00
65046329f4
feat: stop installing systemd exported by default
2024-07-07 15:01:49 +10:00
d05cf628a8
Merge pull request 'fix: change service to socket' ( #93 ) from neoloc/cobbler_socket into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/93
2024-07-06 23:40:20 +10:00
da1402691c
fix: change service to socket
...
- ensure the tftpd.socket is running, which starts the service
2024-07-06 23:37:55 +10:00
b5c7b310ee
Merge pull request 'neoloc/mediaproxy' ( #92 ) from neoloc/mediaproxy into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/92
2024-07-06 23:24:49 +10:00
8b01ddba9c
fix: cleanup simpleproxy
...
- remove commented sections
- remove $server from locations
2024-07-06 22:09:16 +10:00
d1dd12a091
feat: add cache to simpleproxy
2024-07-06 22:05:55 +10:00
354e561380
feat: add ldapauth for nginx
...
- add service, defaults and script
2024-07-06 22:02:00 +10:00
02a2097955
feat: paramatise use_default_location
...
- allow the use of location blocks for simpleproxy
- add way to add locations in simpleproxy
2024-07-05 23:10:58 +10:00
658af2b6b6
Merge pull request 'feat: manage jellyfin data migration_flag' ( #90 ) from neoloc/jellyfin into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/90
2024-07-04 00:09:22 +10:00
f3046f8fbb
feat: manage jellyfin data migration_flag
2024-07-03 22:49:54 +10:00
8e1622a158
Merge pull request 'neoloc/glauth' ( #87 ) from neoloc/glauth into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/87
2024-07-02 18:12:54 +10:00
fe35baacfd
chore: cleanup glauth
...
- remove datavol, not required
- remove commented out systemd socket
2024-07-02 18:12:08 +10:00
6e3802ad57
feat: add users/services/groups
2024-07-01 22:54:22 +10:00
c8604baa4e
feat: add glauth role/profile classes
...
- role added to cobbler
- add role specific hieradata
2024-07-01 22:42:29 +10:00
f81b5753ff
feat: add jellyfin role/profile classes
2024-06-30 00:02:16 +10:00
d07751a151
feat: haproxy for *arr stack
...
- add additional backends
- set *arr's to export as a backend
- add *arr.main.unkin.net certificates
2024-06-28 22:46:50 +10:00
9b8556f487
fear: deploy additional *arr stack apps
...
- cleanup hieradata entires for roles to remove some defaults
- add profiles::media::* classes to manage *arr stacks
2024-06-27 23:42:33 +10:00
7efd6edea9
Revert "chore: cleanup yum repos"
...
This reverts commit febd98d316
2024-06-27 22:11:46 +10:00
febd98d316
chore: cleanup yum repos
...
- cleanup yum repos on first run
2024-06-27 21:59:27 +10:00
5f5a9f5f65
Merge pull request 'feat: add prowlarr module' ( #69 ) from neoloc/prowlarr into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/69
2024-06-27 21:34:30 +10:00
3c63d8e797
Merge pull request 'feat: add readarr module' ( #68 ) from neoloc/readarr into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/68
2024-06-27 21:34:17 +10:00
f2046efebe
feat: add prowlarr module
...
- add media::prowlarr role
2024-06-27 21:32:13 +10:00
0b7f07692c
feat: add readarr module
...
- add media::readarr role
2024-06-27 21:21:18 +10:00
40ff5f7d92
feat: deploy radarr
...
- manage ens19 nic on ausyd1nxvm1040
- manage cephfs storage
2024-06-26 22:57:36 +10:00
679a4203a9
chore: duplicate resource
2024-06-26 22:42:17 +10:00
b90c6468b3
chore: add facts/motd to firstrun
2024-06-26 22:37:17 +10:00
3b907159f1
chore: change eth0 to ens18
2024-06-23 16:47:46 +10:00
803a0ac01d
Merge pull request 'neoloc/cephfs' ( #54 ) from neoloc/cephfs into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/54
2024-06-23 15:34:04 +10:00
82ed27cf56
feat: add sonarr profile
...
- add cephfs secret for mounting mediafs
- add ceph-reef repo for apps::media roles
- add the shared cephfs mediafs mount
2024-06-23 15:33:40 +10:00
5631f07e6e
feat: add cephfs shared volume define
...
- add ceph class to manage ceph client configuration/packages
- add cephfs define for mounting volumes
- add ceph keyring define to manage secrets used to mount cephfs
2024-06-23 15:33:33 +10:00
548076728a
feat: swap networkmanager for network service
2024-06-22 16:31:03 +10:00
f5a9eaef4a
fix: proxmox ceph services use different network
...
- set the consul services for ceph mon, mds, mgr and osd to report the ceph
cluster interface
2024-06-22 00:45:17 +10:00
4db9faa551
chore: include profiles::defaults in all roles
2024-06-21 22:57:47 +10:00
8548ef0284
Merge pull request 'neoloc/sonarr_deploy' ( #48 ) from neoloc/sonarr_deploy into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/48
2024-06-21 22:53:06 +10:00
681f9e3eb8
feat: deploy sonarr
...
- add required hieradata/role data to deploy sonarr
- add nginx simpleproxy
- add consul service/query
- add vault certificates
2024-06-21 22:51:40 +10:00
a431c50980
Merge pull request 'chore: add media managemnet roles' ( #44 ) from neoloc/media_roles into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/44
2024-06-21 20:50:04 +10:00
d98b12bf81
chore: add media managemnet roles
...
- add radarr, lidarr, nzbget
2024-06-21 20:49:28 +10:00
59b181ed54
Merge pull request 'feat: add ceph mirror to edgecache' ( #43 ) from neoloc/ceph_mirror into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/43
2024-06-21 20:44:08 +10:00
36ad19ffed
feat: add ceph mirror to edgecache
...
- add ceph reef apt and rpm repository to edgecache
- add the centos storage sig gpg
2024-06-21 20:38:54 +10:00
a3ef535bfc
fix: ceph consul check script
...
- add permissions to write ceph-* services to consul
- change from `script` to `args` array
2024-06-19 22:36:04 +10:00
eb462eb3a3
fix: update check script to use pgrep
2024-06-18 21:33:38 +10:00
94aed2df9c
feat: add pveceph consul services
...
- refacter the pveceph facts
- define consul services for osd, mgr, mds and mons
2024-06-18 21:14:57 +10:00
c6530e34f6
Merge pull request 'feat: add haproxy exporter' ( #38 ) from neoloc/haproxy_exporter into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/38
2024-06-17 21:36:31 +10:00
5725d092b8
feat: add haproxy exporter
...
- add admin socket for exporter
2024-06-16 20:56:23 +10:00
62cac63f11
feat: add database generation to grafana
...
- ensure a database, user and credential is created for each grafana node
- ensure all databases for a region are included in a mariadb cluster
- refine params with stdlib types
2024-06-16 18:49:59 +10:00
0fe05bb896
Merge branch 'develop' into neoloc/grafana
2024-06-16 00:39:45 +10:00
a901a0b868
feat: puppetserver dropins
...
- change ExecStartPost for crl.pem to two commands
- run `puppet generate types` after starting puppet
2024-06-16 00:11:56 +10:00
58acd83410
feat: manage latest crl for puppet
...
- ensure the latest crl.pem exists on each no-ca puppetserver
- ensure the latest crl.pem is used after each start of puppetserver
2024-06-15 23:32:50 +10:00
cc0a9e132e
Merge pull request 'fix: yumrepo purging' ( #34 ) from neoloc/yumresources into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/34
2024-06-14 23:57:54 +10:00
67f831edaf
fix: yumrepo purging
2024-06-14 23:55:31 +10:00
c9abc779a0
Merge pull request 'fix: yumrepo purge after deploy' ( #33 ) from neoloc/yumresources into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/33
2024-06-14 23:32:41 +10:00
380bb7bcb5
fix: yumrepo purge after deploy
...
- ensure the resources resource for yumrepo runs after deploying yumrepo resources
- rm all almalinux*.repo files before attempting to create yumrepo
resources
2024-06-14 23:21:14 +10:00
82ce3ed4d7
feat: ensure tftpd started on cobbler
2024-06-14 23:11:49 +10:00
cbbcfa3b9e
chore: cleanup old enc class
2024-06-11 20:29:21 +10:00
b7a22551b1
feat: add sonar role
2024-06-10 21:21:20 +10:00
d4163233f6
Merge branch 'develop' into neoloc/sshsign_hostkeys
2024-06-09 20:38:25 +10:00
52b06dcd8e
feat: manage ssh known hosts
...
- disable use of stored configs for ssh-known-hosts
- manage the /etc/ssh/ssh_known_hosts content
2024-06-09 20:26:34 +10:00
57b935b33e
Merge pull request 'neoloc/networking' ( #21 ) from neoloc/networking into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/21
2024-06-08 17:08:51 +10:00
06545c6298
feat: change hiera_include, hiera_exclude
...
- change hiera_classes to hiera_include
- add method to remove classes from hiera_include through hiera_exclude
2024-06-08 17:07:58 +10:00
aaf482c9b9
feat: manage the facts soft limit
...
- set the facts soft limit for agents and servers
- prevent warnings about reaching the default 2048 soft limit
2024-06-08 13:56:53 +10:00
6822a39dc3
fix: make ntp check script executable
2024-06-03 20:23:23 +10:00
76fc6b9fa1
fix: add missing check script
2024-06-02 19:32:02 +10:00
da3444e49f
feat: create ntp consul service
...
- create consul policy for ntp servers
- add consul service check and check script
2024-06-02 19:23:39 +10:00
b468f67103
feat: sign ssh host keys
...
- manage python script/venv to sign ssh host certificates
- add approle_id to puppetmaster eyaml files
- add class to sign ssh-rsa host keys
- add facts to check if the current principals match the desired principals
2024-06-01 22:51:42 +10:00
cc7165055d
Merge pull request 'feat: refacter gitea profile' ( #7 ) from neoloc/gitea_refactor into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/7
2024-06-01 17:28:28 +10:00
4bd3310ea8
feat: refacter gitea profile
...
- move more data to hiera
- change how the custom_configuration is made
2024-06-01 17:16:37 +10:00
4b4272250a
Merge branch 'develop' into neoloc/grafana
2024-06-01 14:47:06 +10:00
3dfe9b9b73
Merge pull request 'feat: puppetdb sql updates' ( #5 ) from neoloc/puppetdb_sql into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/5
2024-06-01 14:36:27 +10:00
810ba9ddb7
Merge pull request 'neoloc/nodelookup_consul' ( #2 ) from neoloc/nodelookup_consul into develop
...
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/2
2024-06-01 12:11:48 +10:00
7cf2e78cea
feat: add sort and count to node_lookup
...
- add -C option to count number of identical records
- sort responses from node_lookup
2024-06-01 12:09:53 +10:00
91e3f2d427
chore: change node_lookup to use consul
...
- remove https, use http backend as no authentication is required
2024-06-01 12:04:57 +10:00
fab4ea5998
feat: add gitea classes
...
- add basic gitea class
2024-05-28 23:14:36 +10:00
ad268e8977
Merge pull request 'feat: vault use vault' ( #226 ) from neoloc/vault_use_vault into develop
...
Reviewed-on: unkinben/puppet-prod#226
2024-05-26 00:38:55 +09:30
7c0bf4a398
feat: vault use vault
...
- change vault to use vault ephemeral certificates
- remove nginx frontend to vault
2024-05-26 01:06:48 +10:00
